@opensip-cli/checks-universal 0.1.0

Files changed (620)
  1. package/LICENSE +202 -0
  2. package/NOTICE +8 -0
  3. package/README.md +31 -0
  4. package/dist/__tests__/all-checks-execute.test.d.ts +17 -0
  5. package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -0
  6. package/dist/__tests__/all-checks-execute.test.js +452 -0
  7. package/dist/__tests__/all-checks-execute.test.js.map +1 -0
  8. package/dist/__tests__/behavior-fixtures-10.test.d.ts +8 -0
  9. package/dist/__tests__/behavior-fixtures-10.test.d.ts.map +1 -0
  10. package/dist/__tests__/behavior-fixtures-10.test.js +200 -0
  11. package/dist/__tests__/behavior-fixtures-10.test.js.map +1 -0
  12. package/dist/__tests__/behavior-fixtures-11.test.d.ts +8 -0
  13. package/dist/__tests__/behavior-fixtures-11.test.d.ts.map +1 -0
  14. package/dist/__tests__/behavior-fixtures-11.test.js +120 -0
  15. package/dist/__tests__/behavior-fixtures-11.test.js.map +1 -0
  16. package/dist/__tests__/behavior-fixtures-12.test.d.ts +8 -0
  17. package/dist/__tests__/behavior-fixtures-12.test.d.ts.map +1 -0
  18. package/dist/__tests__/behavior-fixtures-12.test.js +157 -0
  19. package/dist/__tests__/behavior-fixtures-12.test.js.map +1 -0
  20. package/dist/__tests__/behavior-fixtures-2.test.d.ts +8 -0
  21. package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -0
  22. package/dist/__tests__/behavior-fixtures-2.test.js +785 -0
  23. package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -0
  24. package/dist/__tests__/behavior-fixtures-3.test.d.ts +6 -0
  25. package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -0
  26. package/dist/__tests__/behavior-fixtures-3.test.js +663 -0
  27. package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -0
  28. package/dist/__tests__/behavior-fixtures-4.test.d.ts +5 -0
  29. package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -0
  30. package/dist/__tests__/behavior-fixtures-4.test.js +612 -0
  31. package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -0
  32. package/dist/__tests__/behavior-fixtures-5.test.d.ts +5 -0
  33. package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -0
  34. package/dist/__tests__/behavior-fixtures-5.test.js +469 -0
  35. package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -0
  36. package/dist/__tests__/behavior-fixtures-6.test.d.ts +8 -0
  37. package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -0
  38. package/dist/__tests__/behavior-fixtures-6.test.js +591 -0
  39. package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -0
  40. package/dist/__tests__/behavior-fixtures-7.test.d.ts +5 -0
  41. package/dist/__tests__/behavior-fixtures-7.test.d.ts.map +1 -0
  42. package/dist/__tests__/behavior-fixtures-7.test.js +662 -0
  43. package/dist/__tests__/behavior-fixtures-7.test.js.map +1 -0
  44. package/dist/__tests__/behavior-fixtures-8.test.d.ts +11 -0
  45. package/dist/__tests__/behavior-fixtures-8.test.d.ts.map +1 -0
  46. package/dist/__tests__/behavior-fixtures-8.test.js +634 -0
  47. package/dist/__tests__/behavior-fixtures-8.test.js.map +1 -0
  48. package/dist/__tests__/behavior-fixtures-9.test.d.ts +11 -0
  49. package/dist/__tests__/behavior-fixtures-9.test.d.ts.map +1 -0
  50. package/dist/__tests__/behavior-fixtures-9.test.js +271 -0
  51. package/dist/__tests__/behavior-fixtures-9.test.js.map +1 -0
  52. package/dist/__tests__/behavior-fixtures.test.d.ts +14 -0
  53. package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -0
  54. package/dist/__tests__/behavior-fixtures.test.js +1423 -0
  55. package/dist/__tests__/behavior-fixtures.test.js.map +1 -0
  56. package/dist/__tests__/checks.test.d.ts +2 -0
  57. package/dist/__tests__/checks.test.d.ts.map +1 -0
  58. package/dist/__tests__/checks.test.js +61 -0
  59. package/dist/__tests__/checks.test.js.map +1 -0
  60. package/dist/__tests__/env-var-validation.test.d.ts +14 -0
  61. package/dist/__tests__/env-var-validation.test.d.ts.map +1 -0
  62. package/dist/__tests__/env-var-validation.test.js +53 -0
  63. package/dist/__tests__/env-var-validation.test.js.map +1 -0
  64. package/dist/__tests__/file-length-limit.test.d.ts +2 -0
  65. package/dist/__tests__/file-length-limit.test.d.ts.map +1 -0
  66. package/dist/__tests__/file-length-limit.test.js +29 -0
  67. package/dist/__tests__/file-length-limit.test.js.map +1 -0
  68. package/dist/__tests__/fixture-coverage.allowlist.d.ts +18 -0
  69. package/dist/__tests__/fixture-coverage.allowlist.d.ts.map +1 -0
  70. package/dist/__tests__/fixture-coverage.allowlist.js +35 -0
  71. package/dist/__tests__/fixture-coverage.allowlist.js.map +1 -0
  72. package/dist/__tests__/fixture-coverage.test.d.ts +13 -0
  73. package/dist/__tests__/fixture-coverage.test.d.ts.map +1 -0
  74. package/dist/__tests__/fixture-coverage.test.js +57 -0
  75. package/dist/__tests__/fixture-coverage.test.js.map +1 -0
  76. package/dist/__tests__/iic.test.d.ts +15 -0
  77. package/dist/__tests__/iic.test.d.ts.map +1 -0
  78. package/dist/__tests__/iic.test.js +316 -0
  79. package/dist/__tests__/iic.test.js.map +1 -0
  80. package/dist/__tests__/no-skipped-tests.test.d.ts +14 -0
  81. package/dist/__tests__/no-skipped-tests.test.d.ts.map +1 -0
  82. package/dist/__tests__/no-skipped-tests.test.js +144 -0
  83. package/dist/__tests__/no-skipped-tests.test.js.map +1 -0
  84. package/dist/__tests__/no-todo-comments.test.d.ts +2 -0
  85. package/dist/__tests__/no-todo-comments.test.d.ts.map +1 -0
  86. package/dist/__tests__/no-todo-comments.test.js +31 -0
  87. package/dist/__tests__/no-todo-comments.test.js.map +1 -0
  88. package/dist/__tests__/no-unimplemented-markers.test.d.ts +2 -0
  89. package/dist/__tests__/no-unimplemented-markers.test.d.ts.map +1 -0
  90. package/dist/__tests__/no-unimplemented-markers.test.js +140 -0
  91. package/dist/__tests__/no-unimplemented-markers.test.js.map +1 -0
  92. package/dist/__tests__/public-api-jsdoc-scope.test.d.ts +10 -0
  93. package/dist/__tests__/public-api-jsdoc-scope.test.d.ts.map +1 -0
  94. package/dist/__tests__/public-api-jsdoc-scope.test.js +176 -0
  95. package/dist/__tests__/public-api-jsdoc-scope.test.js.map +1 -0
  96. package/dist/__tests__/resilience-fp.test.d.ts +14 -0
  97. package/dist/__tests__/resilience-fp.test.d.ts.map +1 -0
  98. package/dist/__tests__/resilience-fp.test.js +110 -0
  99. package/dist/__tests__/resilience-fp.test.js.map +1 -0
  100. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts +2 -0
  101. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts.map +1 -0
  102. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js +32 -0
  103. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js.map +1 -0
  104. package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts +2 -0
  105. package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts.map +1 -0
  106. package/dist/checks/architecture/__tests__/tool-has-manifest.test.js +152 -0
  107. package/dist/checks/architecture/__tests__/tool-has-manifest.test.js.map +1 -0
  108. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts +2 -0
  109. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts.map +1 -0
  110. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js +129 -0
  111. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js.map +1 -0
  112. package/dist/checks/architecture/_yaml-doc-bindings.d.ts +23 -0
  113. package/dist/checks/architecture/_yaml-doc-bindings.d.ts.map +1 -0
  114. package/dist/checks/architecture/_yaml-doc-bindings.js +29 -0
  115. package/dist/checks/architecture/_yaml-doc-bindings.js.map +1 -0
  116. package/dist/checks/architecture/dependencies/index.d.ts +2 -0
  117. package/dist/checks/architecture/dependencies/index.d.ts.map +1 -0
  118. package/dist/checks/architecture/dependencies/index.js +2 -0
  119. package/dist/checks/architecture/dependencies/index.js.map +1 -0
  120. package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts +11 -0
  121. package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts.map +1 -0
  122. package/dist/checks/architecture/dependencies/no-duplicate-packages.js +171 -0
  123. package/dist/checks/architecture/dependencies/no-duplicate-packages.js.map +1 -0
  124. package/dist/checks/architecture/docker-best-practices.d.ts +23 -0
  125. package/dist/checks/architecture/docker-best-practices.d.ts.map +1 -0
  126. package/dist/checks/architecture/docker-best-practices.js +427 -0
  127. package/dist/checks/architecture/docker-best-practices.js.map +1 -0
  128. package/dist/checks/architecture/docker-ignore-validation.d.ts +18 -0
  129. package/dist/checks/architecture/docker-ignore-validation.d.ts.map +1 -0
  130. package/dist/checks/architecture/docker-ignore-validation.js +117 -0
  131. package/dist/checks/architecture/docker-ignore-validation.js.map +1 -0
  132. package/dist/checks/architecture/docker-version-sync.d.ts +16 -0
  133. package/dist/checks/architecture/docker-version-sync.d.ts.map +1 -0
  134. package/dist/checks/architecture/docker-version-sync.js +193 -0
  135. package/dist/checks/architecture/docker-version-sync.js.map +1 -0
  136. package/dist/checks/architecture/env-var-validation.d.ts +14 -0
  137. package/dist/checks/architecture/env-var-validation.d.ts.map +1 -0
  138. package/dist/checks/architecture/env-var-validation.js +289 -0
  139. package/dist/checks/architecture/env-var-validation.js.map +1 -0
  140. package/dist/checks/architecture/heavy-import-detection.d.ts +11 -0
  141. package/dist/checks/architecture/heavy-import-detection.d.ts.map +1 -0
  142. package/dist/checks/architecture/heavy-import-detection.js +91 -0
  143. package/dist/checks/architecture/heavy-import-detection.js.map +1 -0
  144. package/dist/checks/architecture/index.d.ts +16 -0
  145. package/dist/checks/architecture/index.d.ts.map +1 -0
  146. package/dist/checks/architecture/index.js +16 -0
  147. package/dist/checks/architecture/index.js.map +1 -0
  148. package/dist/checks/architecture/modules/empty-package-detection.d.ts +11 -0
  149. package/dist/checks/architecture/modules/empty-package-detection.d.ts.map +1 -0
  150. package/dist/checks/architecture/modules/empty-package-detection.js +277 -0
  151. package/dist/checks/architecture/modules/empty-package-detection.js.map +1 -0
  152. package/dist/checks/architecture/modules/index.d.ts +3 -0
  153. package/dist/checks/architecture/modules/index.d.ts.map +1 -0
  154. package/dist/checks/architecture/modules/index.js +3 -0
  155. package/dist/checks/architecture/modules/index.js.map +1 -0
  156. package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts +12 -0
  157. package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts.map +1 -0
  158. package/dist/checks/architecture/modules/interface-implementation-consistency.js +555 -0
  159. package/dist/checks/architecture/modules/interface-implementation-consistency.js.map +1 -0
  160. package/dist/checks/architecture/no-custom-event-emitter.d.ts +11 -0
  161. package/dist/checks/architecture/no-custom-event-emitter.d.ts.map +1 -0
  162. package/dist/checks/architecture/no-custom-event-emitter.js +123 -0
  163. package/dist/checks/architecture/no-custom-event-emitter.js.map +1 -0
  164. package/dist/checks/architecture/no-kebab-option-indexing.d.ts +33 -0
  165. package/dist/checks/architecture/no-kebab-option-indexing.d.ts.map +1 -0
  166. package/dist/checks/architecture/no-kebab-option-indexing.js +81 -0
  167. package/dist/checks/architecture/no-kebab-option-indexing.js.map +1 -0
  168. package/dist/checks/architecture/node-version-consistency.d.ts +22 -0
  169. package/dist/checks/architecture/node-version-consistency.d.ts.map +1 -0
  170. package/dist/checks/architecture/node-version-consistency.js +225 -0
  171. package/dist/checks/architecture/node-version-consistency.js.map +1 -0
  172. package/dist/checks/architecture/project-readme-existence.d.ts +13 -0
  173. package/dist/checks/architecture/project-readme-existence.d.ts.map +1 -0
  174. package/dist/checks/architecture/project-readme-existence.js +55 -0
  175. package/dist/checks/architecture/project-readme-existence.js.map +1 -0
  176. package/dist/checks/architecture/stale-build-artifacts.d.ts +10 -0
  177. package/dist/checks/architecture/stale-build-artifacts.d.ts.map +1 -0
  178. package/dist/checks/architecture/stale-build-artifacts.js +55 -0
  179. package/dist/checks/architecture/stale-build-artifacts.js.map +1 -0
  180. package/dist/checks/architecture/tool-has-manifest.d.ts +27 -0
  181. package/dist/checks/architecture/tool-has-manifest.d.ts.map +1 -0
  182. package/dist/checks/architecture/tool-has-manifest.js +135 -0
  183. package/dist/checks/architecture/tool-has-manifest.js.map +1 -0
  184. package/dist/checks/architecture/vitest-config-extends-base.d.ts +15 -0
  185. package/dist/checks/architecture/vitest-config-extends-base.d.ts.map +1 -0
  186. package/dist/checks/architecture/vitest-config-extends-base.js +104 -0
  187. package/dist/checks/architecture/vitest-config-extends-base.js.map +1 -0
  188. package/dist/checks/architecture/vitest-config-required-with-tests.d.ts +49 -0
  189. package/dist/checks/architecture/vitest-config-required-with-tests.d.ts.map +1 -0
  190. package/dist/checks/architecture/vitest-config-required-with-tests.js +199 -0
  191. package/dist/checks/architecture/vitest-config-required-with-tests.js.map +1 -0
  192. package/dist/checks/documentation/_directives/eslint.d.ts +9 -0
  193. package/dist/checks/documentation/_directives/eslint.d.ts.map +1 -0
  194. package/dist/checks/documentation/_directives/eslint.js +168 -0
  195. package/dist/checks/documentation/_directives/eslint.js.map +1 -0
  196. package/dist/checks/documentation/_directives/fitness.d.ts +9 -0
  197. package/dist/checks/documentation/_directives/fitness.d.ts.map +1 -0
  198. package/dist/checks/documentation/_directives/fitness.js +64 -0
  199. package/dist/checks/documentation/_directives/fitness.js.map +1 -0
  200. package/dist/checks/documentation/_directives/graph.d.ts +10 -0
  201. package/dist/checks/documentation/_directives/graph.d.ts.map +1 -0
  202. package/dist/checks/documentation/_directives/graph.js +65 -0
  203. package/dist/checks/documentation/_directives/graph.js.map +1 -0
  204. package/dist/checks/documentation/_directives/graph.test.d.ts +2 -0
  205. package/dist/checks/documentation/_directives/graph.test.d.ts.map +1 -0
  206. package/dist/checks/documentation/_directives/graph.test.js +54 -0
  207. package/dist/checks/documentation/_directives/graph.test.js.map +1 -0
  208. package/dist/checks/documentation/_directives/semgrep.d.ts +8 -0
  209. package/dist/checks/documentation/_directives/semgrep.d.ts.map +1 -0
  210. package/dist/checks/documentation/_directives/semgrep.js +72 -0
  211. package/dist/checks/documentation/_directives/semgrep.js.map +1 -0
  212. package/dist/checks/documentation/_directives/types.d.ts +21 -0
  213. package/dist/checks/documentation/_directives/types.d.ts.map +1 -0
  214. package/dist/checks/documentation/_directives/types.js +9 -0
  215. package/dist/checks/documentation/_directives/types.js.map +1 -0
  216. package/dist/checks/documentation/_directives/typescript.d.ts +10 -0
  217. package/dist/checks/documentation/_directives/typescript.d.ts.map +1 -0
  218. package/dist/checks/documentation/_directives/typescript.js +54 -0
  219. package/dist/checks/documentation/_directives/typescript.js.map +1 -0
  220. package/dist/checks/documentation/_public-api-graph.d.ts +30 -0
  221. package/dist/checks/documentation/_public-api-graph.d.ts.map +1 -0
  222. package/dist/checks/documentation/_public-api-graph.js +304 -0
  223. package/dist/checks/documentation/_public-api-graph.js.map +1 -0
  224. package/dist/checks/documentation/directive-audit.d.ts +26 -0
  225. package/dist/checks/documentation/directive-audit.d.ts.map +1 -0
  226. package/dist/checks/documentation/directive-audit.js +144 -0
  227. package/dist/checks/documentation/directive-audit.js.map +1 -0
  228. package/dist/checks/documentation/index.d.ts +3 -0
  229. package/dist/checks/documentation/index.d.ts.map +1 -0
  230. package/dist/checks/documentation/index.js +3 -0
  231. package/dist/checks/documentation/index.js.map +1 -0
  232. package/dist/checks/documentation/public-api-jsdoc.d.ts +10 -0
  233. package/dist/checks/documentation/public-api-jsdoc.d.ts.map +1 -0
  234. package/dist/checks/documentation/public-api-jsdoc.js +131 -0
  235. package/dist/checks/documentation/public-api-jsdoc.js.map +1 -0
  236. package/dist/checks/file-length-limit.d.ts +16 -0
  237. package/dist/checks/file-length-limit.d.ts.map +1 -0
  238. package/dist/checks/file-length-limit.js +47 -0
  239. package/dist/checks/file-length-limit.js.map +1 -0
  240. package/dist/checks/index.d.ts +16 -0
  241. package/dist/checks/index.d.ts.map +1 -0
  242. package/dist/checks/index.js +16 -0
  243. package/dist/checks/index.js.map +1 -0
  244. package/dist/checks/no-todo-comments.d.ts +18 -0
  245. package/dist/checks/no-todo-comments.d.ts.map +1 -0
  246. package/dist/checks/no-todo-comments.js +79 -0
  247. package/dist/checks/no-todo-comments.js.map +1 -0
  248. package/dist/checks/no-unimplemented-markers.d.ts +24 -0
  249. package/dist/checks/no-unimplemented-markers.d.ts.map +1 -0
  250. package/dist/checks/no-unimplemented-markers.js +198 -0
  251. package/dist/checks/no-unimplemented-markers.js.map +1 -0
  252. package/dist/checks/quality/api/graphql-offset-pagination.d.ts +9 -0
  253. package/dist/checks/quality/api/graphql-offset-pagination.d.ts.map +1 -0
  254. package/dist/checks/quality/api/graphql-offset-pagination.js +63 -0
  255. package/dist/checks/quality/api/graphql-offset-pagination.js.map +1 -0
  256. package/dist/checks/quality/api/index.d.ts +3 -0
  257. package/dist/checks/quality/api/index.d.ts.map +1 -0
  258. package/dist/checks/quality/api/index.js +3 -0
  259. package/dist/checks/quality/api/index.js.map +1 -0
  260. package/dist/checks/quality/api/zod-openapi-sync.d.ts +13 -0
  261. package/dist/checks/quality/api/zod-openapi-sync.d.ts.map +1 -0
  262. package/dist/checks/quality/api/zod-openapi-sync.js +88 -0
  263. package/dist/checks/quality/api/zod-openapi-sync.js.map +1 -0
  264. package/dist/checks/quality/code-structure/dead-code.d.ts +12 -0
  265. package/dist/checks/quality/code-structure/dead-code.d.ts.map +1 -0
  266. package/dist/checks/quality/code-structure/dead-code.js +238 -0
  267. package/dist/checks/quality/code-structure/dead-code.js.map +1 -0
  268. package/dist/checks/quality/code-structure/index.d.ts +5 -0
  269. package/dist/checks/quality/code-structure/index.d.ts.map +1 -0
  270. package/dist/checks/quality/code-structure/index.js +5 -0
  271. package/dist/checks/quality/code-structure/index.js.map +1 -0
  272. package/dist/checks/quality/code-structure/no-ai-attribution.d.ts +25 -0
  273. package/dist/checks/quality/code-structure/no-ai-attribution.d.ts.map +1 -0
  274. package/dist/checks/quality/code-structure/no-ai-attribution.js +76 -0
  275. package/dist/checks/quality/code-structure/no-ai-attribution.js.map +1 -0
  276. package/dist/checks/quality/code-structure/no-console-log.d.ts +17 -0
  277. package/dist/checks/quality/code-structure/no-console-log.d.ts.map +1 -0
  278. package/dist/checks/quality/code-structure/no-console-log.js +106 -0
  279. package/dist/checks/quality/code-structure/no-console-log.js.map +1 -0
  280. package/dist/checks/quality/code-structure/no-process-artifacts.d.ts +25 -0
  281. package/dist/checks/quality/code-structure/no-process-artifacts.d.ts.map +1 -0
  282. package/dist/checks/quality/code-structure/no-process-artifacts.js +104 -0
  283. package/dist/checks/quality/code-structure/no-process-artifacts.js.map +1 -0
  284. package/dist/checks/quality/dependency-version-consistency.d.ts +20 -0
  285. package/dist/checks/quality/dependency-version-consistency.d.ts.map +1 -0
  286. package/dist/checks/quality/dependency-version-consistency.js +266 -0
  287. package/dist/checks/quality/dependency-version-consistency.js.map +1 -0
  288. package/dist/checks/quality/fitness-ignore-hygiene.d.ts +10 -0
  289. package/dist/checks/quality/fitness-ignore-hygiene.d.ts.map +1 -0
  290. package/dist/checks/quality/fitness-ignore-hygiene.js +93 -0
  291. package/dist/checks/quality/fitness-ignore-hygiene.js.map +1 -0
  292. package/dist/checks/quality/frontend/expo-vector-icons.d.ts +13 -0
  293. package/dist/checks/quality/frontend/expo-vector-icons.d.ts.map +1 -0
  294. package/dist/checks/quality/frontend/expo-vector-icons.js +80 -0
  295. package/dist/checks/quality/frontend/expo-vector-icons.js.map +1 -0
  296. package/dist/checks/quality/frontend/image-optimization.d.ts +13 -0
  297. package/dist/checks/quality/frontend/image-optimization.d.ts.map +1 -0
  298. package/dist/checks/quality/frontend/image-optimization.js +166 -0
  299. package/dist/checks/quality/frontend/image-optimization.js.map +1 -0
  300. package/dist/checks/quality/frontend/index.d.ts +4 -0
  301. package/dist/checks/quality/frontend/index.d.ts.map +1 -0
  302. package/dist/checks/quality/frontend/index.js +4 -0
  303. package/dist/checks/quality/frontend/index.js.map +1 -0
  304. package/dist/checks/quality/frontend/navigation-typing.d.ts +12 -0
  305. package/dist/checks/quality/frontend/navigation-typing.d.ts.map +1 -0
  306. package/dist/checks/quality/frontend/navigation-typing.js +77 -0
  307. package/dist/checks/quality/frontend/navigation-typing.js.map +1 -0
  308. package/dist/checks/quality/graph-ignore-hygiene.d.ts +10 -0
  309. package/dist/checks/quality/graph-ignore-hygiene.d.ts.map +1 -0
  310. package/dist/checks/quality/graph-ignore-hygiene.js +95 -0
  311. package/dist/checks/quality/graph-ignore-hygiene.js.map +1 -0
  312. package/dist/checks/quality/graph-ignore-hygiene.test.d.ts +14 -0
  313. package/dist/checks/quality/graph-ignore-hygiene.test.d.ts.map +1 -0
  314. package/dist/checks/quality/graph-ignore-hygiene.test.js +58 -0
  315. package/dist/checks/quality/graph-ignore-hygiene.test.js.map +1 -0
  316. package/dist/checks/quality/index.d.ts +16 -0
  317. package/dist/checks/quality/index.d.ts.map +1 -0
  318. package/dist/checks/quality/index.js +16 -0
  319. package/dist/checks/quality/index.js.map +1 -0
  320. package/dist/checks/quality/linting/eslint-justifications.d.ts +12 -0
  321. package/dist/checks/quality/linting/eslint-justifications.d.ts.map +1 -0
  322. package/dist/checks/quality/linting/eslint-justifications.js +328 -0
  323. package/dist/checks/quality/linting/eslint-justifications.js.map +1 -0
  324. package/dist/checks/quality/linting/index.d.ts +4 -0
  325. package/dist/checks/quality/linting/index.d.ts.map +1 -0
  326. package/dist/checks/quality/linting/index.js +4 -0
  327. package/dist/checks/quality/linting/index.js.map +1 -0
  328. package/dist/checks/quality/linting/semgrep-justifications.d.ts +16 -0
  329. package/dist/checks/quality/linting/semgrep-justifications.d.ts.map +1 -0
  330. package/dist/checks/quality/linting/semgrep-justifications.js +229 -0
  331. package/dist/checks/quality/linting/semgrep-justifications.js.map +1 -0
  332. package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts +12 -0
  333. package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts.map +1 -0
  334. package/dist/checks/quality/linting/typescript-directive-hygiene.js +142 -0
  335. package/dist/checks/quality/linting/typescript-directive-hygiene.js.map +1 -0
  336. package/dist/checks/quality/no-compatibility-layer-names.d.ts +13 -0
  337. package/dist/checks/quality/no-compatibility-layer-names.d.ts.map +1 -0
  338. package/dist/checks/quality/no-compatibility-layer-names.js +100 -0
  339. package/dist/checks/quality/no-compatibility-layer-names.js.map +1 -0
  340. package/dist/checks/quality/no-deprecated-tags.d.ts +11 -0
  341. package/dist/checks/quality/no-deprecated-tags.d.ts.map +1 -0
  342. package/dist/checks/quality/no-deprecated-tags.js +76 -0
  343. package/dist/checks/quality/no-deprecated-tags.js.map +1 -0
  344. package/dist/checks/quality/no-markdown-references.d.ts +16 -0
  345. package/dist/checks/quality/no-markdown-references.d.ts.map +1 -0
  346. package/dist/checks/quality/no-markdown-references.js +145 -0
  347. package/dist/checks/quality/no-markdown-references.js.map +1 -0
  348. package/dist/checks/quality/no-raw-regex-on-code.d.ts +9 -0
  349. package/dist/checks/quality/no-raw-regex-on-code.d.ts.map +1 -0
  350. package/dist/checks/quality/no-raw-regex-on-code.js +61 -0
  351. package/dist/checks/quality/no-raw-regex-on-code.js.map +1 -0
  352. package/dist/checks/quality/no-temporary-workarounds.d.ts +11 -0
  353. package/dist/checks/quality/no-temporary-workarounds.d.ts.map +1 -0
  354. package/dist/checks/quality/no-temporary-workarounds.js +69 -0
  355. package/dist/checks/quality/no-temporary-workarounds.js.map +1 -0
  356. package/dist/checks/quality/no-window-alert.d.ts +19 -0
  357. package/dist/checks/quality/no-window-alert.d.ts.map +1 -0
  358. package/dist/checks/quality/no-window-alert.js +74 -0
  359. package/dist/checks/quality/no-window-alert.js.map +1 -0
  360. package/dist/checks/quality/observability/index.d.ts +2 -0
  361. package/dist/checks/quality/observability/index.d.ts.map +1 -0
  362. package/dist/checks/quality/observability/index.js +2 -0
  363. package/dist/checks/quality/observability/index.js.map +1 -0
  364. package/dist/checks/quality/observability/pino-serializer-coverage.d.ts +15 -0
  365. package/dist/checks/quality/observability/pino-serializer-coverage.d.ts.map +1 -0
  366. package/dist/checks/quality/observability/pino-serializer-coverage.js +209 -0
  367. package/dist/checks/quality/observability/pino-serializer-coverage.js.map +1 -0
  368. package/dist/checks/quality/patterns/async-state-pattern.d.ts +14 -0
  369. package/dist/checks/quality/patterns/async-state-pattern.d.ts.map +1 -0
  370. package/dist/checks/quality/patterns/async-state-pattern.js +80 -0
  371. package/dist/checks/quality/patterns/async-state-pattern.js.map +1 -0
  372. package/dist/checks/quality/patterns/index.d.ts +4 -0
  373. package/dist/checks/quality/patterns/index.d.ts.map +1 -0
  374. package/dist/checks/quality/patterns/index.js +4 -0
  375. package/dist/checks/quality/patterns/index.js.map +1 -0
  376. package/dist/checks/quality/patterns/no-non-null-assertions.d.ts +10 -0
  377. package/dist/checks/quality/patterns/no-non-null-assertions.d.ts.map +1 -0
  378. package/dist/checks/quality/patterns/no-non-null-assertions.js +97 -0
  379. package/dist/checks/quality/patterns/no-non-null-assertions.js.map +1 -0
  380. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts +16 -0
  381. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts.map +1 -0
  382. package/dist/checks/quality/patterns/performance-anti-patterns.js +239 -0
  383. package/dist/checks/quality/patterns/performance-anti-patterns.js.map +1 -0
  384. package/dist/checks/resilience/_helpers/config-validation.d.ts +27 -0
  385. package/dist/checks/resilience/_helpers/config-validation.d.ts.map +1 -0
  386. package/dist/checks/resilience/_helpers/config-validation.js +61 -0
  387. package/dist/checks/resilience/_helpers/config-validation.js.map +1 -0
  388. package/dist/checks/resilience/batch-operations.d.ts +22 -0
  389. package/dist/checks/resilience/batch-operations.d.ts.map +1 -0
  390. package/dist/checks/resilience/batch-operations.js +422 -0
  391. package/dist/checks/resilience/batch-operations.js.map +1 -0
  392. package/dist/checks/resilience/cache-ttl-validation.d.ts +13 -0
  393. package/dist/checks/resilience/cache-ttl-validation.d.ts.map +1 -0
  394. package/dist/checks/resilience/cache-ttl-validation.js +222 -0
  395. package/dist/checks/resilience/cache-ttl-validation.js.map +1 -0
  396. package/dist/checks/resilience/catch-clause-safety.d.ts +12 -0
  397. package/dist/checks/resilience/catch-clause-safety.d.ts.map +1 -0
  398. package/dist/checks/resilience/catch-clause-safety.js +110 -0
  399. package/dist/checks/resilience/catch-clause-safety.js.map +1 -0
  400. package/dist/checks/resilience/dangerous-config-defaults.d.ts +11 -0
  401. package/dist/checks/resilience/dangerous-config-defaults.d.ts.map +1 -0
  402. package/dist/checks/resilience/dangerous-config-defaults.js +304 -0
  403. package/dist/checks/resilience/dangerous-config-defaults.js.map +1 -0
  404. package/dist/checks/resilience/error-code-registration.d.ts +11 -0
  405. package/dist/checks/resilience/error-code-registration.d.ts.map +1 -0
  406. package/dist/checks/resilience/error-code-registration.js +88 -0
  407. package/dist/checks/resilience/error-code-registration.js.map +1 -0
  408. package/dist/checks/resilience/event-patterns.d.ts +21 -0
  409. package/dist/checks/resilience/event-patterns.d.ts.map +1 -0
  410. package/dist/checks/resilience/event-patterns.js +232 -0
  411. package/dist/checks/resilience/event-patterns.js.map +1 -0
  412. package/dist/checks/resilience/exit-code-correctness.d.ts +12 -0
  413. package/dist/checks/resilience/exit-code-correctness.d.ts.map +1 -0
  414. package/dist/checks/resilience/exit-code-correctness.js +107 -0
  415. package/dist/checks/resilience/exit-code-correctness.js.map +1 -0
  416. package/dist/checks/resilience/index.d.ts +18 -0
  417. package/dist/checks/resilience/index.d.ts.map +1 -0
  418. package/dist/checks/resilience/index.js +18 -0
  419. package/dist/checks/resilience/index.js.map +1 -0
  420. package/dist/checks/resilience/no-hardcoded-timeouts.d.ts +10 -0
  421. package/dist/checks/resilience/no-hardcoded-timeouts.d.ts.map +1 -0
  422. package/dist/checks/resilience/no-hardcoded-timeouts.js +291 -0
  423. package/dist/checks/resilience/no-hardcoded-timeouts.js.map +1 -0
  424. package/dist/checks/resilience/no-process-exit-in-finally.d.ts +11 -0
  425. package/dist/checks/resilience/no-process-exit-in-finally.d.ts.map +1 -0
  426. package/dist/checks/resilience/no-process-exit-in-finally.js +89 -0
  427. package/dist/checks/resilience/no-process-exit-in-finally.js.map +1 -0
  428. package/dist/checks/resilience/readline-cleanup.d.ts +11 -0
  429. package/dist/checks/resilience/readline-cleanup.d.ts.map +1 -0
  430. package/dist/checks/resilience/readline-cleanup.js +107 -0
  431. package/dist/checks/resilience/readline-cleanup.js.map +1 -0
  432. package/dist/checks/resilience/recovery-patterns.d.ts +25 -0
  433. package/dist/checks/resilience/recovery-patterns.d.ts.map +1 -0
  434. package/dist/checks/resilience/recovery-patterns.js +273 -0
  435. package/dist/checks/resilience/recovery-patterns.js.map +1 -0
  436. package/dist/checks/resilience/reentrancy-guard.d.ts +12 -0
  437. package/dist/checks/resilience/reentrancy-guard.d.ts.map +1 -0
  438. package/dist/checks/resilience/reentrancy-guard.js +86 -0
  439. package/dist/checks/resilience/reentrancy-guard.js.map +1 -0
  440. package/dist/checks/resilience/retry-config-validation.d.ts +13 -0
  441. package/dist/checks/resilience/retry-config-validation.d.ts.map +1 -0
  442. package/dist/checks/resilience/retry-config-validation.js +159 -0
  443. package/dist/checks/resilience/retry-config-validation.js.map +1 -0
  444. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts +25 -0
  445. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts.map +1 -0
  446. package/dist/checks/resilience/sentry/_helpers/sentry.js +68 -0
  447. package/dist/checks/resilience/sentry/_helpers/sentry.js.map +1 -0
  448. package/dist/checks/resilience/sentry/index.d.ts +8 -0
  449. package/dist/checks/resilience/sentry/index.d.ts.map +1 -0
  450. package/dist/checks/resilience/sentry/index.js +8 -0
  451. package/dist/checks/resilience/sentry/index.js.map +1 -0
  452. package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts +12 -0
  453. package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts.map +1 -0
  454. package/dist/checks/resilience/sentry/sentry-dsn-configured.js +55 -0
  455. package/dist/checks/resilience/sentry/sentry-dsn-configured.js.map +1 -0
  456. package/dist/checks/resilience/sentry/sentry-environment-set.d.ts +12 -0
  457. package/dist/checks/resilience/sentry/sentry-environment-set.d.ts.map +1 -0
  458. package/dist/checks/resilience/sentry/sentry-environment-set.js +51 -0
  459. package/dist/checks/resilience/sentry/sentry-environment-set.js.map +1 -0
  460. package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts +12 -0
  461. package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts.map +1 -0
  462. package/dist/checks/resilience/sentry/sentry-error-boundary.js +75 -0
  463. package/dist/checks/resilience/sentry/sentry-error-boundary.js.map +1 -0
  464. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts +13 -0
  465. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts.map +1 -0
  466. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js +125 -0
  467. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js.map +1 -0
  468. package/dist/checks/resilience/sentry/sentry-release-set.d.ts +12 -0
  469. package/dist/checks/resilience/sentry/sentry-release-set.d.ts.map +1 -0
  470. package/dist/checks/resilience/sentry/sentry-release-set.js +51 -0
  471. package/dist/checks/resilience/sentry/sentry-release-set.js.map +1 -0
  472. package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts +12 -0
  473. package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts.map +1 -0
  474. package/dist/checks/resilience/sentry/sentry-sample-rate.js +78 -0
  475. package/dist/checks/resilience/sentry/sentry-sample-rate.js.map +1 -0
  476. package/dist/checks/resilience/sentry/sentry-source-maps.d.ts +12 -0
  477. package/dist/checks/resilience/sentry/sentry-source-maps.d.ts.map +1 -0
  478. package/dist/checks/resilience/sentry/sentry-source-maps.js +83 -0
  479. package/dist/checks/resilience/sentry/sentry-source-maps.js.map +1 -0
  480. package/dist/checks/resilience/service-patterns.d.ts +18 -0
  481. package/dist/checks/resilience/service-patterns.d.ts.map +1 -0
  482. package/dist/checks/resilience/service-patterns.js +230 -0
  483. package/dist/checks/resilience/service-patterns.js.map +1 -0
  484. package/dist/checks/resilience/timer-lifecycle.d.ts +10 -0
  485. package/dist/checks/resilience/timer-lifecycle.d.ts.map +1 -0
  486. package/dist/checks/resilience/timer-lifecycle.js +78 -0
  487. package/dist/checks/resilience/timer-lifecycle.js.map +1 -0
  488. package/dist/checks/resilience/transaction-patterns.d.ts +21 -0
  489. package/dist/checks/resilience/transaction-patterns.d.ts.map +1 -0
  490. package/dist/checks/resilience/transaction-patterns.js +258 -0
  491. package/dist/checks/resilience/transaction-patterns.js.map +1 -0
  492. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts +9 -0
  493. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts.map +1 -0
  494. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js +37 -0
  495. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js.map +1 -0
  496. package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts +2 -0
  497. package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts.map +1 -0
  498. package/dist/checks/security/__tests__/package-supply-chain-policy.test.js +128 -0
  499. package/dist/checks/security/__tests__/package-supply-chain-policy.test.js.map +1 -0
  500. package/dist/checks/security/api-key-rotation.d.ts +10 -0
  501. package/dist/checks/security/api-key-rotation.d.ts.map +1 -0
  502. package/dist/checks/security/api-key-rotation.js +186 -0
  503. package/dist/checks/security/api-key-rotation.js.map +1 -0
  504. package/dist/checks/security/auth-middleware-coverage.d.ts +11 -0
  505. package/dist/checks/security/auth-middleware-coverage.d.ts.map +1 -0
  506. package/dist/checks/security/auth-middleware-coverage.js +210 -0
  507. package/dist/checks/security/auth-middleware-coverage.js.map +1 -0
  508. package/dist/checks/security/auth-route-guard.d.ts +12 -0
  509. package/dist/checks/security/auth-route-guard.d.ts.map +1 -0
  510. package/dist/checks/security/auth-route-guard.js +70 -0
  511. package/dist/checks/security/auth-route-guard.js.map +1 -0
  512. package/dist/checks/security/cors-configuration.d.ts +11 -0
  513. package/dist/checks/security/cors-configuration.d.ts.map +1 -0
  514. package/dist/checks/security/cors-configuration.js +126 -0
  515. package/dist/checks/security/cors-configuration.js.map +1 -0
  516. package/dist/checks/security/csp-headers.d.ts +11 -0
  517. package/dist/checks/security/csp-headers.d.ts.map +1 -0
  518. package/dist/checks/security/csp-headers.js +192 -0
  519. package/dist/checks/security/csp-headers.js.map +1 -0
  520. package/dist/checks/security/dependency-vulnerability-audit.d.ts +15 -0
  521. package/dist/checks/security/dependency-vulnerability-audit.d.ts.map +1 -0
  522. package/dist/checks/security/dependency-vulnerability-audit.js +184 -0
  523. package/dist/checks/security/dependency-vulnerability-audit.js.map +1 -0
  524. package/dist/checks/security/env-secret-exposure.d.ts +11 -0
  525. package/dist/checks/security/env-secret-exposure.d.ts.map +1 -0
  526. package/dist/checks/security/env-secret-exposure.js +127 -0
  527. package/dist/checks/security/env-secret-exposure.js.map +1 -0
  528. package/dist/checks/security/hasura-production-config.d.ts +11 -0
  529. package/dist/checks/security/hasura-production-config.d.ts.map +1 -0
  530. package/dist/checks/security/hasura-production-config.js +122 -0
  531. package/dist/checks/security/hasura-production-config.js.map +1 -0
  532. package/dist/checks/security/index.d.ts +17 -0
  533. package/dist/checks/security/index.d.ts.map +1 -0
  534. package/dist/checks/security/index.js +17 -0
  535. package/dist/checks/security/index.js.map +1 -0
  536. package/dist/checks/security/jwt-validation.d.ts +11 -0
  537. package/dist/checks/security/jwt-validation.d.ts.map +1 -0
  538. package/dist/checks/security/jwt-validation.js +294 -0
  539. package/dist/checks/security/jwt-validation.js.map +1 -0
  540. package/dist/checks/security/no-eval.d.ts +16 -0
  541. package/dist/checks/security/no-eval.d.ts.map +1 -0
  542. package/dist/checks/security/no-eval.js +83 -0
  543. package/dist/checks/security/no-eval.js.map +1 -0
  544. package/dist/checks/security/no-hardcoded-secrets.d.ts +28 -0
  545. package/dist/checks/security/no-hardcoded-secrets.d.ts.map +1 -0
  546. package/dist/checks/security/no-hardcoded-secrets.js +209 -0
  547. package/dist/checks/security/no-hardcoded-secrets.js.map +1 -0
  548. package/dist/checks/security/package-supply-chain-policy.d.ts +12 -0
  549. package/dist/checks/security/package-supply-chain-policy.d.ts.map +1 -0
  550. package/dist/checks/security/package-supply-chain-policy.js +534 -0
  551. package/dist/checks/security/package-supply-chain-policy.js.map +1 -0
  552. package/dist/checks/security/rate-limit-coverage.d.ts +10 -0
  553. package/dist/checks/security/rate-limit-coverage.d.ts.map +1 -0
  554. package/dist/checks/security/rate-limit-coverage.js +143 -0
  555. package/dist/checks/security/rate-limit-coverage.js.map +1 -0
  556. package/dist/checks/security/semgrep-scan.d.ts +13 -0
  557. package/dist/checks/security/semgrep-scan.d.ts.map +1 -0
  558. package/dist/checks/security/semgrep-scan.js +86 -0
  559. package/dist/checks/security/semgrep-scan.js.map +1 -0
  560. package/dist/checks/security/use-centralized-crypto.d.ts +11 -0
  561. package/dist/checks/security/use-centralized-crypto.d.ts.map +1 -0
  562. package/dist/checks/security/use-centralized-crypto.js +129 -0
  563. package/dist/checks/security/use-centralized-crypto.js.map +1 -0
  564. package/dist/checks/security/webhook-signature-verification.d.ts +10 -0
  565. package/dist/checks/security/webhook-signature-verification.d.ts.map +1 -0
  566. package/dist/checks/security/webhook-signature-verification.js +183 -0
  567. package/dist/checks/security/webhook-signature-verification.js.map +1 -0
  568. package/dist/checks/testing/index.d.ts +6 -0
  569. package/dist/checks/testing/index.d.ts.map +1 -0
  570. package/dist/checks/testing/index.js +6 -0
  571. package/dist/checks/testing/index.js.map +1 -0
  572. package/dist/checks/testing/no-skipped-tests.d.ts +40 -0
  573. package/dist/checks/testing/no-skipped-tests.d.ts.map +1 -0
  574. package/dist/checks/testing/no-skipped-tests.js +174 -0
  575. package/dist/checks/testing/no-skipped-tests.js.map +1 -0
  576. package/dist/checks/testing/no-stub-tests.d.ts +11 -0
  577. package/dist/checks/testing/no-stub-tests.d.ts.map +1 -0
  578. package/dist/checks/testing/no-stub-tests.js +103 -0
  579. package/dist/checks/testing/no-stub-tests.js.map +1 -0
  580. package/dist/checks/testing/test-convention-consistency.d.ts +14 -0
  581. package/dist/checks/testing/test-convention-consistency.d.ts.map +1 -0
  582. package/dist/checks/testing/test-convention-consistency.js +93 -0
  583. package/dist/checks/testing/test-convention-consistency.js.map +1 -0
  584. package/dist/checks/testing/test-file-naming.d.ts +13 -0
  585. package/dist/checks/testing/test-file-naming.d.ts.map +1 -0
  586. package/dist/checks/testing/test-file-naming.js +218 -0
  587. package/dist/checks/testing/test-file-naming.js.map +1 -0
  588. package/dist/checks/testing/test-file-pairing.d.ts +13 -0
  589. package/dist/checks/testing/test-file-pairing.d.ts.map +1 -0
  590. package/dist/checks/testing/test-file-pairing.js +274 -0
  591. package/dist/checks/testing/test-file-pairing.js.map +1 -0
  592. package/dist/display/architecture.d.ts +9 -0
  593. package/dist/display/architecture.d.ts.map +1 -0
  594. package/dist/display/architecture.js +29 -0
  595. package/dist/display/architecture.js.map +1 -0
  596. package/dist/display/index.d.ts +20 -0
  597. package/dist/display/index.d.ts.map +1 -0
  598. package/dist/display/index.js +30 -0
  599. package/dist/display/index.js.map +1 -0
  600. package/dist/display/quality.d.ts +7 -0
  601. package/dist/display/quality.d.ts.map +1 -0
  602. package/dist/display/quality.js +34 -0
  603. package/dist/display/quality.js.map +1 -0
  604. package/dist/display/resilience.d.ts +7 -0
  605. package/dist/display/resilience.d.ts.map +1 -0
  606. package/dist/display/resilience.js +36 -0
  607. package/dist/display/resilience.js.map +1 -0
  608. package/dist/display/security-testing.d.ts +9 -0
  609. package/dist/display/security-testing.d.ts.map +1 -0
  610. package/dist/display/security-testing.js +31 -0
  611. package/dist/display/security-testing.js.map +1 -0
  612. package/dist/display/types.d.ts +6 -0
  613. package/dist/display/types.d.ts.map +1 -0
  614. package/dist/display/types.js +6 -0
  615. package/dist/display/types.js.map +1 -0
  616. package/dist/index.d.ts +19 -0
  617. package/dist/index.d.ts.map +1 -0
  618. package/dist/index.js +21 -0
  619. package/dist/index.js.map +1 -0
  620. package/package.json +52 -0
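--- a/package/dist/checks/security/cors-configuration.js
+++ b/package/dist/checks/security/cors-configuration.js
@@ -0,0 +1,126 @@
+ // @fitness-ignore-file cors-configuration -- Fitness check definition; regex patterns reference CORS tokens for detection purposes, not actual CORS configuration
+ /**
+ * @fileoverview Validate CORS configuration follows security best practices
+ */
+ import { logger } from '@opensip-cli/core';
+ import { defineCheck } from '@opensip-cli/fitness';
+ /**
+ * Pre-compiled CORS security patterns for static code analysis.
+ * These patterns are intentional and safe - they are used to detect CORS misconfigurations
+ * in source code, not to parse untrusted user input. The patterns have bounded quantifiers
+ * and do not have catastrophic backtracking issues.
+ */
+ // Wildcard origin: origin: "*" or origin = "*"
+ const WILDCARD_ORIGIN_PATTERN = /origin\s{0,10}[:=]\s{0,10}(['"])\*\1/g;
+ // Wildcard origin with credentials (simplified to avoid backtracking)
+ const WILDCARD_WITH_CREDS_PATTERN = /origin\s{0,10}[:=]\s{0,10}(['"])\*\1[^}]{0,200}credentials\s{0,10}[:=]\s{0,10}true/gi;
+ // Reflecting origin without validation
+ const REFLECTING_ORIGIN_PATTERN = /origin\s{0,10}[:=]\s{0,10}(?:request|req)\.headers?\.origin/gi;
+ // All origins allowed
+ const ORIGIN_TRUE_PATTERN = /origin\s{0,10}[:=]\s{0,10}true/g;
+ // Missing credentials in CORS call (simplified)
+ const MISSING_CREDS_PATTERN = /cors\s{0,10}\([^)]{0,500}\)(?![^}]{0,200}credentials)/gi;
+ // Patterns that indicate CORS security issues
+ const CORS_SECURITY_PATTERNS = [
+ // Wildcard origin
+ {
+ regex: WILDCARD_ORIGIN_PATTERN,
+ message: 'CORS allows wildcard origin - specify allowed origins explicitly',
+ suggestion: 'Replace "*" with an array of allowed origins: origin: ["https://app.example.com", "https://admin.example.com"]. Use environment variables for different environments.',
+ severity: 'error',
+ },
+ // Wildcard origin with credentials
+ {
+ regex: WILDCARD_WITH_CREDS_PATTERN,
+ message: 'CORS wildcard origin with credentials is dangerous - browsers block this combination',
+ suggestion: 'When using credentials: true, you must specify explicit origins. Browsers block wildcard origin with credentials for security.',
+ severity: 'error',
+ },
+ // Reflecting origin without validation
+ {
+ regex: REFLECTING_ORIGIN_PATTERN,
+ message: 'CORS reflecting request origin without validation - validate against allowlist',
+ suggestion: 'Validate the origin against an allowlist before reflecting: const allowedOrigins = new Set([...]); origin: (origin, cb) => cb(null, allowedOrigins.has(origin))',
+ severity: 'error',
+ },
+ // All origins allowed in array
+ {
+ regex: ORIGIN_TRUE_PATTERN,
+ message: 'CORS origin: true reflects any origin - specify allowed origins',
+ suggestion: 'Replace origin: true with an explicit list of allowed origins or a validation function.',
+ severity: 'warning',
+ },
+ // Missing credentials in potentially authenticated context
+ {
+ regex: MISSING_CREDS_PATTERN,
+ message: 'CORS configuration may be missing credentials setting',
+ suggestion: 'If this API uses cookies or Authorization headers, add credentials: true to allow credentialed requests.',
+ severity: 'warning',
+ },
+ ];
+ /**
+ * Check: security/cors-configuration
+ *
+ * Validates CORS configuration is properly restrictive.
+ * Prevents overly permissive cross-origin access.
+ */
+ export const corsConfiguration = defineCheck({
+ id: '0ea65e8a-4ee3-43b5-9d7f-dc39fe6fafeb',
+ slug: 'cors-configuration',
+ disabled: true,
+ scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
+ contentFilter: 'raw',
+ confidence: 'medium',
+ description: 'Validate CORS configuration follows security best practices',
+ longDescription: `**Purpose:** Validates that CORS configuration is properly restrictive and does not allow overly permissive cross-origin access.
+
+ **Detects:**
+ - Wildcard origin: \`origin: "*"\` or \`origin = "*"\`
+ - Wildcard origin combined with \`credentials: true\` (browser-rejected but indicates misconfiguration)
+ - Reflecting request origin without validation: \`origin: request.headers.origin\`
+ - Blanket allow: \`origin: true\`
+ - CORS calls potentially missing \`credentials\` setting
+
+ **Why it matters:** Overly permissive CORS allows malicious websites to make authenticated requests to your API, enabling CSRF and data theft.
+
+ **Scope:** General best practice. Analyzes each file individually. Only scans files containing "cors".`,
+ tags: ['security', 'cors', 'configuration'],
+ fileTypes: ['ts'],
+ analyze(content, filePath) {
+ logger.debug({
+ evt: 'fitness.checks.cors_configuration.analyze',
+ msg: 'Analyzing file for CORS configuration issues',
+ });
+ // Only scan files that might contain CORS config
+ if (!/cors/i.test(content)) {
+ return [];
+ }
+ const violations = [];
+ const lines = content.split('\n');
+ for (const [lineNum, line_] of lines.entries()) {
+ const line = line_ ?? '';
+ // Skip comments
+ if (line.trim().startsWith('//') || line.trim().startsWith('*')) {
+ continue;
+ }
+ for (const pattern of CORS_SECURITY_PATTERNS) {
+ // Reset regex state
+ pattern.regex.lastIndex = 0;
+ const match = pattern.regex.exec(line);
+ if (match) {
+ violations.push({
+ line: lineNum + 1,
+ column: match.index,
+ message: pattern.message,
+ severity: pattern.severity,
+ suggestion: pattern.suggestion,
+ match: match[0],
+ filePath,
+ });
+ }
+ }
+ }
+ return violations;
+ },
+ });
+ //# sourceMappingURL=cors-configuration.js.map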
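Review bot: `analyze` runs every pattern against a single line, but `WILDCARD_WITH_CREDS_PATTERN` and `MISSING_CREDS_PATTERN` are written to span an options object (`[^}]{0,200}`, `[^)]{0,500}`), so a `cors({...})` call formatted with `origin` and `credentials` on separate lines can never match the first. The lookahead in `MISSING_CREDS_PATTERN` also begins after the closing `)`, so a one-line `cors({ credentials: true })` is still reported as missing the setting; moving it inside the parentheses, `/cors\s{0,10}\((?![^)]{0,500}credentials)[^)]{0,500}\)/gi`, fixes that. I would move those two entries into their own list (named `MULTILINE_CORS_PATTERNS` below) and match it against `content`, deriving the line from `match.index`; that pass does not skip comment lines, which may need handling. Separately, `origin: true` is rated `warning` while `origin: "*"` is `error`, although the rule's own message says it reflects any origin, which is the more exposed setting once credentials are enabled; consider `error` for both.

```javascript
// … unchanged: debug log, /cors/i pre-filter and the per-line loop over the single-line patterns …
// Patterns that span an options object are matched against the whole file.
for (const pattern of MULTILINE_CORS_PATTERNS) {
    for (const match of content.matchAll(pattern.regex)) {
        const preceding = content.slice(0, match.index);
        violations.push({
            line: preceding.split('\n').length,
            column: match.index - (preceding.lastIndexOf('\n') + 1),
            message: pattern.message,
            severity: pattern.severity,
            suggestion: pattern.suggestion,
            match: match[0],
            filePath,
        });
    }
}
return violations;
```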
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cors-configuration.js","sourceRoot":"","sources":["../../../src/checks/security/cors-configuration.ts"],"names":[],"mappings":"AAAA,kKAAkK;AAClK;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AAExE;;;;;GAKG;AACH,+CAA+C;AAC/C,MAAM,uBAAuB,GAAG,uCAAuC,CAAC;AACxE,sEAAsE;AACtE,MAAM,2BAA2B,GAC/B,sFAAsF,CAAC;AACzF,uCAAuC;AACvC,MAAM,yBAAyB,GAAG,+DAA+D,CAAC;AAClG,sBAAsB;AACtB,MAAM,mBAAmB,GAAG,iCAAiC,CAAC;AAC9D,gDAAgD;AAChD,MAAM,qBAAqB,GAAG,yDAAyD,CAAC;AAExF,8CAA8C;AAC9C,MAAM,sBAAsB,GAAG;IAC7B,kBAAkB;IAClB;QACE,KAAK,EAAE,uBAAuB;QAC9B,OAAO,EAAE,kEAAkE;QAC3E,UAAU,EACR,uKAAuK;QACzK,QAAQ,EAAE,OAAgB;KAC3B;IACD,mCAAmC;IACnC;QACE,KAAK,EAAE,2BAA2B;QAClC,OAAO,EAAE,sFAAsF;QAC/F,UAAU,EACR,gIAAgI;QAClI,QAAQ,EAAE,OAAgB;KAC3B;IACD,uCAAuC;IACvC;QACE,KAAK,EAAE,yBAAyB;QAChC,OAAO,EAAE,gFAAgF;QACzF,UAAU,EACR,iKAAiK;QACnK,QAAQ,EAAE,OAAgB;KAC3B;IACD,+BAA+B;IAC/B;QACE,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,iEAAiE;QAC1E,UAAU,EACR,yFAAyF;QAC3F,QAAQ,EAAE,SAAkB;KAC7B;IACD,2DAA2D;IAC3D;QACE,KAAK,EAAE,qBAAqB;QAC5B,OAAO,EAAE,uDAAuD;QAChE,UAAU,EACR,0GAA0G;QAC5G,QAAQ,EAAE,SAAkB;KAC7B;CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,WAAW,CAAC;IAC3C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,oBAAoB;IAC1B,QAAQ,EAAE,IAAI;IACd,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,aAAa,EAAE,KAAK;IAEpB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,6DAA6D;IAC1E,eAAe,EAAE;;;;;;;;;;;uGAWoF;IACrG,IAAI,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,eAAe,CAAC;IAC3C,SAAS,EAAE,CAAC,IAAI,CAAC;IAEjB,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,MAAM,CAAC,KAAK,CAAC;YACX,GAAG,EAAE,2CAA2C;YAChD,GAAG,EAAE,8CAA8C;SACpD,CAAC,CAAC;QACH,iDAAiD;QACjD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAAqB,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YAEzB,gBAAgB;YAChB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU
,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChE,SAAS;YACX,CAAC;YAED,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;gBAC7C,oBAAoB;gBACpB,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;gBAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,KAAK,EAAE,CAAC;oBACV,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,OAAO,GAAG,CAAC;wBACjB,MAAM,EAAE,KAAK,CAAC,KAAK;wBACnB,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBACf,QAAQ;qBACT,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
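--- a/package/dist/checks/security/csp-headers.d.ts
+++ b/package/dist/checks/security/csp-headers.d.ts
@@ -0,0 +1,11 @@
+ /**
+ * @fileoverview Validate Content Security Policy headers configuration
+ */
+ /**
+ * Check: security/csp-headers
+ *
+ * Validates Content Security Policy headers are properly configured.
+ * Prevents XSS and other injection attacks.
+ */
+ export declare const cspHeaders: import("@opensip-cli/fitness").Check;
+ //# sourceMappingURL=csp-headers.d.ts.map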
@@ -0,0 +1 @@
1
+ {"version":3,"file":"csp-headers.d.ts","sourceRoot":"","sources":["../../../src/checks/security/csp-headers.ts"],"names":[],"mappings":"AAIA;;GAEG;AAqIH;;;;;GAKG;AACH,eAAO,MAAM,UAAU,sCA+DrB,CAAC"}
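--- a/package/dist/checks/security/csp-headers.js
+++ b/package/dist/checks/security/csp-headers.js
@@ -0,0 +1,192 @@
+ // @fitness-ignore-file no-eval -- String literals referencing eval()/Function() in CSP check descriptions and suggestions, not actual usage
+ // @fitness-ignore-file fitness-ignore-validation -- Fitness-ignore directives reference internal check IDs that may not be statically resolvable
+ // @fitness-ignore-file file-length-limit -- Complex module with tightly coupled logic; refactoring would risk breaking changes
+ // @fitness-ignore-file csp-headers -- Fitness check definition, not production CSP configuration
+ /**
+ * @fileoverview Validate Content Security Policy headers configuration
+ */
+ import { logger } from '@opensip-cli/core';
+ import { defineCheck, isCommentLine } from '@opensip-cli/fitness';
+ /**
+ * Match unsafe-inline CSP directive
+ */
+ function matchUnsafeInline(line) {
+ logger.debug({
+ evt: 'fitness.checks.csp_headers.match_unsafe_inline',
+ msg: 'Checking for unsafe-inline CSP directive',
+ });
+ return /['"`]unsafe-inline['"`]/i.exec(line);
+ }
+ /**
+ * Match unsafe-eval CSP directive
+ */
+ function matchUnsafeEval(line) {
+ logger.debug({
+ evt: 'fitness.checks.csp_headers.match_unsafe_eval',
+ msg: 'Checking for unsafe-eval CSP directive',
+ });
+ return /['"`]unsafe-eval['"`]/i.exec(line);
+ }
+ /**
+ * Match wildcard in CSP directive
+ */
+ function matchCspWildcard(line) {
+ logger.debug({
+ evt: 'fitness.checks.csp_headers.match_csp_wildcard',
+ msg: 'Checking for wildcard in CSP directive',
+ });
+ const lowerLine = line.toLowerCase();
+ const cspDirectives = ['default-src', 'script-src', 'style-src', 'img-src', 'connect-src'];
+ for (const directive of cspDirectives) {
+ if (lowerLine.includes(directive)) {
+ const match = /['"]\*['"]/i.exec(line);
+ if (match)
+ return match;
+ }
+ }
+ return null;
+ }
+ /**
+ * Match CSP config missing default-src
+ */
+ function matchMissingDefaultSrc(line) {
+ logger.debug({
+ evt: 'fitness.checks.csp_headers.match_missing_default_src',
+ msg: 'Checking for missing default-src CSP directive',
+ });
+ const lowerLine = line.toLowerCase();
+ if (!lowerLine.includes('contentsecuritypolicy'))
+ return null;
+ if (lowerLine.includes('defaultsrc') || lowerLine.includes('default-src'))
+ return null;
+ // @fitness-ignore-next-line sonarjs-regular-expr -- Simple pattern with no backtracking; \s* followed by character class, then literal
+ return /contentSecurityPolicy\s*[:=]\s*\{/i.exec(line);
+ }
+ /**
+ * Match data: URI in script-src
+ */
+ function matchDataUriInScriptSrc(line) {
+ logger.debug({
+ evt: 'fitness.checks.csp_headers.match_data_uri_in_script_src',
+ msg: 'Checking for data URI in script-src directive',
+ });
+ const lowerLine = line.toLowerCase();
+ if (!lowerLine.includes('script-src'))
+ return null;
+ return /['"`]data:['"`]/i.exec(line);
+ }
+ // Patterns that indicate CSP issues
+ const CSP_SECURITY_PATTERNS = [
+ // Unsafe inline scripts
+ {
+ match: matchUnsafeInline,
+ message: "CSP 'unsafe-inline' detected - avoid inline scripts/styles if possible",
+ suggestion: "Use nonces or hashes instead of 'unsafe-inline'. For scripts, use script-src 'nonce-{random}' and add nonce attribute to script tags. For styles, extract to external stylesheets.",
+ severity: 'warning',
+ },
+ // Unsafe eval
+ {
+ match: matchUnsafeEval,
+ message: "CSP 'unsafe-eval' detected - this allows eval() and similar dangerous functions",
+ suggestion: "Remove 'unsafe-eval' and refactor code that uses eval(), new Function(), or setTimeout/setInterval with string arguments. Use proper JSON parsing and precompiled templates.",
+ severity: 'error',
+ },
+ // Wildcard in CSP
+ {
+ match: matchCspWildcard,
+ message: 'CSP wildcard (*) directive detected - use specific origins',
+ suggestion: 'Replace wildcard (*) with specific trusted origins. For images/fonts, list CDN domains explicitly. For API calls, list your API domains.',
+ severity: 'warning',
+ },
+ // Missing default-src
+ {
+ match: matchMissingDefaultSrc,
+ message: 'CSP configuration may be missing default-src directive',
+ suggestion: 'Add default-src: ["\'self\'"] as a fallback policy. This restricts resources to same-origin by default unless overridden by more specific directives.',
+ severity: 'warning',
+ },
+ // data: URI in script-src (dangerous)
+ {
+ match: matchDataUriInScriptSrc,
+ message: "CSP script-src with 'data:' URI is dangerous - can execute arbitrary code",
+ suggestion: "Remove 'data:' from script-src. Data URIs in scripts allow arbitrary code execution, defeating the purpose of CSP. Move scripts to external files or use nonces.",
+ severity: 'error',
+ },
+ ];
+ // Files likely to contain CSP configuration
+ const CSP_CONFIG_PATTERNS = ['helmet', 'contentsecuritypolicy', 'content-security-policy', 'csp'];
+ /**
+ * Check if content contains CSP configuration references
+ */
+ function containsCspContent(content) {
+ logger.debug({
+ evt: 'fitness.checks.csp_headers.contains_csp_content',
+ msg: 'Checking if content contains CSP configuration references',
+ });
+ const lowerContent = content.toLowerCase();
+ return CSP_CONFIG_PATTERNS.some((pattern) => lowerContent.includes(pattern));
+ }
+ /**
+ * Check: security/csp-headers
+ *
+ * Validates Content Security Policy headers are properly configured.
+ * Prevents XSS and other injection attacks.
+ */
+ export const cspHeaders = defineCheck({
+ id: 'ab02c5a5-881d-4004-a655-0ec73944bbe1',
+ slug: 'csp-headers',
+ disabled: true,
+ scope: { languages: ['typescript', 'tsx'], concerns: ['frontend', 'ui'] },
+ contentFilter: 'raw',
+ confidence: 'medium',
+ description: 'Validate Content Security Policy headers configuration',
+ longDescription: `**Purpose:** Validates that Content Security Policy (CSP) headers are configured securely, preventing XSS and code injection attacks.
+
+ **Detects:**
+ - \`'unsafe-inline'\` in CSP directives (allows inline scripts/styles)
+ - \`'unsafe-eval'\` in CSP directives (allows eval() and similar)
+ - Wildcard \`*\` in CSP source directives (default-src, script-src, style-src, img-src, connect-src)
+ - Missing \`default-src\` in contentSecurityPolicy configuration objects
+ - \`data:\` URI in script-src (allows arbitrary code execution)
+
+ **Why it matters:** Weak CSP directives undermine the primary browser defense against XSS. A properly configured CSP blocks injected scripts even when other defenses fail.
+
+ **Scope:** General best practice. Analyzes each file individually. Only scans files containing helmet, contentSecurityPolicy, or csp references.`,
+ tags: ['security', 'csp', 'headers', 'xss'],
+ fileTypes: ['ts'],
+ analyze(content, filePath) {
+ logger.debug({
+ evt: 'fitness.checks.csp_headers.analyze',
+ msg: 'Analyzing file for CSP header configuration issues',
+ });
+ // Only scan files that might contain CSP config
+ if (!containsCspContent(content)) {
+ return [];
+ }
+ const violations = [];
+ const lines = content.split('\n');
+ for (const [lineNum, line_] of lines.entries()) {
+ const line = line_ ?? '';
+ // Skip comments
+ if (isCommentLine(line)) {
+ continue;
+ }
+ for (const pattern of CSP_SECURITY_PATTERNS) {
+ const match = pattern.match(line);
+ if (match) {
+ violations.push({
+ line: lineNum + 1,
+ column: match.index,
+ message: pattern.message,
+ severity: pattern.severity,
+ suggestion: pattern.suggestion,
+ match: match[0],
+ filePath,
+ });
+ }
+ }
+ }
+ return violations;
+ },
+ });
+ //# sourceMappingURL=csp-headers.js.map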
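Review bot: `matchCspWildcard` and `matchDataUriInScriptSrc` only recognise the kebab-case directive names (`'script-src'` and the rest of `cspDirectives`), so a `directives` object written with camelCase keys such as `scriptSrc: ["*"]` or `scriptSrc: ["data:"]` passes both rules, even though `matchMissingDefaultSrc` already accepts `defaultsrc` and the pre-filter keys on `helmet`. Extending the lowercase comparisons would close the gap: `if (!lowerLine.includes('script-src') && !lowerLine.includes('scriptsrc')) return null;`, with `'defaultsrc'`, `'scriptsrc'`, `'stylesrc'`, `'imgsrc'` and `'connectsrc'` added to `cspDirectives`. `matchMissingDefaultSrc` is also evaluated per line, so it reports any `contentSecurityPolicy: {` whose `defaultSrc` sits on a later line, which is the usual formatting; checking the following lines of the same object would avoid that false positive. The wildcard and `data:` regexes additionally require the token to be individually quoted, so a header string such as `"default-src *"` is not matched.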
@@ -0,0 +1 @@
1
+ {"version":3,"file":"csp-headers.js","sourceRoot":"","sources":["../../../src/checks/security/csp-headers.ts"],"names":[],"mappings":"AAAA,4IAA4I;AAC5I,iJAAiJ;AACjJ,+HAA+H;AAC/H,iGAAiG;AACjG;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,aAAa,EAAuB,MAAM,sBAAsB,CAAC;AAEvF;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,gDAAgD;QACrD,GAAG,EAAE,0CAA0C;KAChD,CAAC,CAAC;IACH,OAAO,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,IAAY;IACnC,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,8CAA8C;QACnD,GAAG,EAAE,wCAAwC;KAC9C,CAAC,CAAC;IACH,OAAO,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,+CAA+C;QACpD,GAAG,EAAE,wCAAwC;KAC9C,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,aAAa,GAAG,CAAC,aAAa,EAAE,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;IAC3F,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;QACtC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvC,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,sDAAsD;QAC3D,GAAG,EAAE,gDAAgD;KACtD,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9D,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,IAAI,CAAC;IACvF,uIAAuI;IACvI,OAAO,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,IAAY;IAC3C,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,yDAAyD;QAC9D,GAAG,EAAE,+CAA+C;KACrD,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,OAAO,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,oCAAoC;AACpC,MAAM,qBAAqB,GAAG;IAC5B,wBAAwB;IACxB;QACE,KAAK,EAAE,iBAAiB;QACxB,OAAO,EAAE,wEAAwE;QACjF,UAAU,EACR,oLAAoL;QACtL,QAAQ,EAAE,SAAkB;KAC7B;IA
CD,cAAc;IACd;QACE,KAAK,EAAE,eAAe;QACtB,OAAO,EAAE,iFAAiF;QAC1F,UAAU,EACR,8KAA8K;QAChL,QAAQ,EAAE,OAAgB;KAC3B;IACD,kBAAkB;IAClB;QACE,KAAK,EAAE,gBAAgB;QACvB,OAAO,EAAE,4DAA4D;QACrE,UAAU,EACR,0IAA0I;QAC5I,QAAQ,EAAE,SAAkB;KAC7B;IACD,sBAAsB;IACtB;QACE,KAAK,EAAE,sBAAsB;QAC7B,OAAO,EAAE,wDAAwD;QACjE,UAAU,EACR,uJAAuJ;QACzJ,QAAQ,EAAE,SAAkB;KAC7B;IACD,sCAAsC;IACtC;QACE,KAAK,EAAE,uBAAuB;QAC9B,OAAO,EAAE,2EAA2E;QACpF,UAAU,EACR,kKAAkK;QACpK,QAAQ,EAAE,OAAgB;KAC3B;CACF,CAAC;AAEF,4CAA4C;AAC5C,MAAM,mBAAmB,GAAG,CAAC,QAAQ,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,KAAK,CAAC,CAAC;AAElG;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,iDAAiD;QACtD,GAAG,EAAE,2DAA2D;KACjE,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAC3C,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,WAAW,CAAC;IACpC,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,aAAa;IACnB,QAAQ,EAAE,IAAI;IACd,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE;IACzE,aAAa,EAAE,KAAK;IAEpB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,wDAAwD;IACrE,eAAe,EAAE;;;;;;;;;;;iJAW8H;IAC/I,IAAI,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC;IAC3C,SAAS,EAAE,CAAC,IAAI,CAAC;IAEjB,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,MAAM,CAAC,KAAK,CAAC;YACX,GAAG,EAAE,oCAAoC;YACzC,GAAG,EAAE,oDAAoD;SAC1D,CAAC,CAAC;QACH,gDAAgD;QAChD,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAAqB,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YAEzB,gBAAgB;YAChB,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;gBAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAClC,IAAI,KAAK,EAAE,CAAC;oBACV,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,OAAO,GAAG,CAAC;wBACjB,MAAM,EAAE,KAAK,CAAC,KAAK;wBACnB,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,QAAQ,EAAE,OAAO,CAAC
,QAAQ;wBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBACf,QAAQ;qBACT,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
@@ -0,0 +1,15 @@
1
+ /**
2
+ * @fileoverview Dependency Vulnerability Audit Check
3
+ *
4
+ * Runs the project's package-manager audit (pnpm/yarn/npm) and turns
5
+ * the result into fitness violations. Static-analysis tools like
6
+ * semgrep ship as separate checks (`semgrep-scan`).
7
+ */
8
+ /**
9
+ * Check: security/dependency-vulnerability-audit
10
+ *
11
+ * Dependency vulnerability scanning via the project's package
12
+ * manager.
13
+ */
14
+ export declare const dependencyVulnerabilityAudit: import("@opensip-cli/fitness").Check;
15
+ //# sourceMappingURL=dependency-vulnerability-audit.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dependency-vulnerability-audit.d.ts","sourceRoot":"","sources":["../../../src/checks/security/dependency-vulnerability-audit.ts"],"names":[],"mappings":"AACA;;;;;;GAMG;AAQH;;;;;GAKG;AACH,eAAO,MAAM,4BAA4B,sCAiGvC,CAAC"}
@@ -0,0 +1,184 @@
1
+ // @fitness-ignore-file unused-config-options -- Config options reserved for future use or environment-specific
2
+ /**
3
+ * @fileoverview Dependency Vulnerability Audit Check
4
+ *
5
+ * Runs the project's package-manager audit (pnpm/yarn/npm) and turns
6
+ * the result into fitness violations. Static-analysis tools like
7
+ * semgrep ship as separate checks (`semgrep-scan`).
8
+ */
9
+ import { defineCheck } from '@opensip-cli/fitness';
10
+ // =============================================================================
11
+ // CHECK DEFINITION
12
+ // =============================================================================
13
+ /**
14
+ * Check: security/dependency-vulnerability-audit
15
+ *
16
+ * Dependency vulnerability scanning via the project's package
17
+ * manager.
18
+ */
19
+ export const dependencyVulnerabilityAudit = defineCheck({
20
+ id: '4dadedc7-24e6-4e36-b006-3f0ba93d55bb',
21
+ slug: 'dependency-vulnerability-audit',
22
+ scope: { languages: ['typescript'], concerns: ['backend'] },
23
+ confidence: 'medium',
24
+ description: 'Dependency vulnerability scanning via package manager audit',
25
+ longDescription: `**Purpose:** Runs dependency vulnerability scanning using the project's package manager (pnpm, yarn, or npm).
26
+
27
+ **Detects:**
28
+ - Critical and high severity vulnerabilities (reported as errors)
29
+ - Moderate severity vulnerabilities (reported as warnings)
30
+ - Auto-detects package manager from lockfile: pnpm-lock.yaml → pnpm, yarn.lock → yarn, otherwise npm
31
+
32
+ **Why it matters:** Automated security scanning catches known vulnerabilities in dependencies before they reach production, reducing the attack surface.
33
+
34
+ **Scope:** General best practice. Runs external tool (\`command\`): auto-detected \`audit --json\`. 3-minute timeout for longer scans.`,
35
+ tags: ['security', 'compliance', 'quality'],
36
+ fileTypes: ['ts', 'tsx'],
37
+ timeout: 180_000, // 3 minutes - security scans take longer
38
+ command: {
39
+ // Detect package manager: prefer pnpm > yarn > npm (matches lockfile present in cwd)
40
+ bin: 'sh',
41
+ args: [
42
+ '-c',
43
+ 'if [ -f pnpm-lock.yaml ]; then pnpm audit --json 2>/dev/null; elif [ -f yarn.lock ]; then yarn audit --json 2>/dev/null; else npm audit --json 2>/dev/null; fi; exit 0',
44
+ ],
45
+ expectedExitCodes: [0, 1], // audit tools return 1 when vulnerabilities found
46
+ /* v8 ignore start -- npm audit parse exercised via integration tests (requires lockfile + audit CLI) */
47
+ parseOutput(stdout, _stderr, _exitCode) {
48
+ const violations = [];
49
+ // Parse npm/pnpm audit results.
50
+ //
51
+ // The metadata totals roll up EVERY advisory including dev-only
52
+ // transitive ones (e.g. vitest → vite). Those don't ship to
53
+ // production. To avoid false-positives on dev-only chains, walk
54
+ // the per-advisory `findings[].paths[]` and reduce the count to
55
+ // advisories that have at least one non-dev path.
56
+ try {
57
+ const auditResult = JSON.parse(stdout);
58
+ // Filter to production-affecting advisories. A finding is
59
+ // production-affecting if it has at least one path whose
60
+ // `dev` flag is not true. Absence of metadata = treat as
61
+ // production (conservative).
62
+ const prodCounts = countProductionAdvisories(auditResult);
63
+ const count = prodCounts.critical + prodCounts.high + prodCounts.moderate;
64
+ if (count > 0) {
65
+ const severity = getNpmAuditSeverityFromCounts(prodCounts);
66
+ violations.push({
67
+ line: 1,
68
+ message: `npm audit found ${count} production-affecting vulnerabilities`,
69
+ severity: severity === 'critical' || severity === 'high' ? 'error' : 'warning',
70
+ suggestion: 'Run `npm audit fix` to automatically fix vulnerabilities, or `npm audit` for details. For breaking changes, manually update the affected packages. Dev-only transitive vulnerabilities (e.g. via vitest, eslint) are excluded from this count.',
71
+ type: `security-${severity}`,
72
+ match: 'npm-audit',
73
+ filePath: 'package.json',
74
+ });
75
+ }
76
+ }
77
+ catch {
78
+ // @swallow-ok Ignore parse errors
79
+ }
80
+ return violations;
81
+ },
82
+ /* v8 ignore stop */
83
+ },
84
+ });
85
+ /**
86
+ * Dev-only tooling packages whose transitive vulnerabilities never
87
+ * reach production. pnpm's `audit --json` does not populate the
88
+ * per-finding `dev` flag, so we infer dev status from the first hop
89
+ * of the dependency path.
90
+ */
91
+ const DEV_ONLY_TOOL_ROOTS = new Set([
92
+ 'vitest',
93
+ '@vitest/coverage-v8',
94
+ 'eslint',
95
+ 'eslint-plugin-import',
96
+ 'eslint-plugin-sonarjs',
97
+ 'eslint-plugin-unicorn',
98
+ 'eslint-import-resolver-typescript',
99
+ '@typescript-eslint',
100
+ 'typescript-eslint',
101
+ 'turbo',
102
+ 'knip',
103
+ 'dependency-cruiser',
104
+ 'tsx',
105
+ 'tsup',
106
+ 'jest',
107
+ '@jest',
108
+ 'ink', // CLI UI testing - dev-time interactive surfaces
109
+ ]);
110
+ function isPathProduction(p) {
111
+ // pnpm format: 'workspace__pkg>dep>subdep'. Split on '>' and check
112
+ // whether the first non-workspace hop is a known dev-only tool.
113
+ const segments = p.split('>');
114
+ for (const seg of segments) {
115
+ if (seg.startsWith('packages__'))
116
+ continue;
117
+ if (seg === '.')
118
+ continue;
119
+ if (DEV_ONLY_TOOL_ROOTS.has(seg))
120
+ return false;
121
+ // Also match scoped variants like '@vitest/coverage-v8' or
122
+ // '@typescript-eslint/<sub>'.
123
+ if (seg.startsWith('@')) {
124
+ const scope = seg.split('/')[0];
125
+ if (scope !== undefined && DEV_ONLY_TOOL_ROOTS.has(scope))
126
+ return false;
127
+ }
128
+ // First real dep encountered — if it's not in the dev-only list,
129
+ // treat this path as production-affecting.
130
+ return true;
131
+ }
132
+ return true;
133
+ }
134
+ function isProductionFinding(f) {
135
+ if (f.dev === true)
136
+ return false;
137
+ const paths = f.paths ?? [];
138
+ if (paths.length === 0)
139
+ return true;
140
+ return paths.some((p) => isPathProduction(p));
141
+ }
142
+ function countProductionAdvisories(audit) {
143
+ const counts = { critical: 0, high: 0, moderate: 0, low: 0 };
144
+ const advisories = audit.advisories;
145
+ const vulnerabilities = audit.vulnerabilities;
146
+ if (advisories) {
147
+ for (const adv of Object.values(advisories)) {
148
+ const sev = adv.severity ?? 'low';
149
+ const findings = adv.findings ?? [];
150
+ const isProd = findings.some((f) => isProductionFinding(f));
151
+ if (isProd)
152
+ counts[sev] += 1;
153
+ }
154
+ return counts;
155
+ }
156
+ if (vulnerabilities) {
157
+ for (const v of Object.values(vulnerabilities)) {
158
+ const sev = v.severity ?? 'low';
159
+ const via = v.via ?? [];
160
+ const isProd = via.some((entry) => typeof entry === 'string' || entry.dev !== true);
161
+ if (isProd)
162
+ counts[sev] += 1;
163
+ }
164
+ return counts;
165
+ }
166
+ // Fallback: no per-advisory detail — use the rolled-up totals.
167
+ const meta = audit.metadata?.vulnerabilities ?? {};
168
+ counts.critical = meta.critical ?? 0;
169
+ counts.high = meta.high ?? 0;
170
+ counts.moderate = meta.moderate ?? 0;
171
+ counts.low = meta.low ?? 0;
172
+ return counts;
173
+ }
174
+ function getNpmAuditSeverityFromCounts(counts) {
175
+ if (counts.critical > 0)
176
+ return 'critical';
177
+ if (counts.high > 0)
178
+ return 'high';
179
+ if (counts.moderate > 0)
180
+ return 'moderate';
181
+ return 'low';
182
+ }
183
+ /* v8 ignore stop */
184
+ //# sourceMappingURL=dependency-vulnerability-audit.js.map
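Review bot: A failed or unparseable audit is reported as a clean result: the shell command discards stderr with `2>/dev/null` and always ends in `exit 0` (which also leaves `expectedExitCodes: [0, 1]` with nothing to check), and the `catch` in `parseOutput` swallows any `JSON.parse` error, so a missing package manager, a registry or network failure, or non-JSON output all return zero violations. The yarn branch is probably affected on every run, since classic `yarn audit --json` emits one JSON object per line rather than a single document; this should be confirmed against the yarn version in use. I would have the `catch` (and the empty-stdout case) push a warning-level violation saying the audit result is unknown rather than returning an empty list, and add a comment there such as `// fail closed: an audit that did not run is not a pass`. Separately, `DEV_ONLY_TOOL_ROOTS` in `isPathProduction` classifies a path by package name alone, so a project that ships `ink` or `tsx` as a runtime dependency has those advisories suppressed; asking the tool for production dependencies (`npm audit --omit=dev`, `pnpm audit --prod`) would be more reliable than the name list.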
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dependency-vulnerability-audit.js","sourceRoot":"","sources":["../../../src/checks/security/dependency-vulnerability-audit.ts"],"names":[],"mappings":"AAAA,+GAA+G;AAC/G;;;;;;GAMG;AAEH,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AAExE,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,WAAW,CAAC;IACtD,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,gCAAgC;IACtC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,CAAC,EAAE;IAE3D,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,6DAA6D;IAC1E,eAAe,EAAE;;;;;;;;;uIASoH;IACrI,IAAI,EAAE,CAAC,UAAU,EAAE,YAAY,EAAE,SAAS,CAAC;IAC3C,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC;IACxB,OAAO,EAAE,OAAO,EAAE,yCAAyC;IAE3D,OAAO,EAAE;QACP,qFAAqF;QACrF,GAAG,EAAE,IAAI;QACT,IAAI,EAAE;YACJ,IAAI;YACJ,wKAAwK;SACzK;QACD,iBAAiB,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,kDAAkD;QAE7E,wGAAwG;QACxG,WAAW,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS;YACpC,MAAM,UAAU,GAAqB,EAAE,CAAC;YAExC,gCAAgC;YAChC,EAAE;YACF,gEAAgE;YAChE,4DAA4D;YAC5D,gEAAgE;YAChE,gEAAgE;YAChE,kDAAkD;YAClD,IAAI,CAAC;gBA0BH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAgB,CAAC;gBAEtD,0DAA0D;gBAC1D,yDAAyD;gBACzD,yDAAyD;gBACzD,6BAA6B;gBAC7B,MAAM,UAAU,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;gBAC1D,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC;gBAE1E,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,MAAM,QAAQ,GAAG,6BAA6B,CAAC,UAAU,CAAC,CAAC;oBAC3D,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,CAAC;wBACP,OAAO,EAAE,mBAAmB,KAAK,uCAAuC;wBACxE,QAAQ,EAAE,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;wBAC9E,UAAU,EACR,gPAAgP;wBAClP,IAAI,EAAE,YAAY,QAAQ,EAAE;wBAC5B,KAAK,EAAE,WAAW;wBAClB,QAAQ,EAAE,cAAc;qBACzB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,kCAAkC;YACpC,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,oBAAoB;KACrB;CACF,CAAC,CAAC;AAUH;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,QAAQ;IACR,qBAAqB;IACrB,QAAQ;IACR,sBAAsB;IACtB,uBAAuB;IACvB,uBAAuB;IACvB,mCAAmC;IACnC,oBAAoB;IACpB,mBAAmB;IACnB,OAAO;IACP,MAAM;IACN,oBAAoB;IACpB,KAAK;IACL,MAAM;IACN,MAAM;IACN,OAAO;IACP,KAAK,EAAE
,iDAAiD;CACzD,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,CAAS;IACjC,mEAAmE;IACnE,gEAAgE;IAChE,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC;YAAE,SAAS;QAC3C,IAAI,GAAG,KAAK,GAAG;YAAE,SAAS;QAC1B,IAAI,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,2DAA2D;QAC3D,8BAA8B;QAC9B,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,KAAK,KAAK,SAAS,IAAI,mBAAmB,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;QAC1E,CAAC;QACD,iEAAiE;QACjE,2CAA2C;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,CAA+C;IAC1E,IAAI,CAAC,CAAC,GAAG,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACjC,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;IAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAChD,CAAC;AAUD,SAAS,yBAAyB,CAAC,KAYlC;IACC,MAAM,MAAM,GAAwB,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAClF,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;IACpC,MAAM,eAAe,GAAG,KAAK,CAAC,eAAe,CAAC;IAE9C,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5C,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,IAAI,KAAK,CAAC;YAClC,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5D,IAAI,MAAM;gBAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;YAC/C,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC;YAChC,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;YACxB,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;YACpF,IAAI,MAAM;gBAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,+DAA+D;IAC/D,MAAM,IAAI,
GAAG,KAAK,CAAC,QAAQ,EAAE,eAAe,IAAI,EAAE,CAAC;IACnD,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;IACrC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;IAC7B,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;IAC3B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,6BAA6B,CAAC,MAA2B;IAChE,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IAC3C,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC;IACnC,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IAC3C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,oBAAoB"}
@@ -0,0 +1,11 @@
1
+ /**
2
+ * @fileoverview Detect secrets exposed through env vars in logs/errors
3
+ */
4
+ /**
5
+ * Check: security/env-secret-exposure
6
+ *
7
+ * Detects secrets that might be exposed through environment variables
8
+ * in logs or error messages.
9
+ */
10
+ export declare const envSecretExposure: import("@opensip-cli/fitness").Check;
11
+ //# sourceMappingURL=env-secret-exposure.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"env-secret-exposure.d.ts","sourceRoot":"","sources":["../../../src/checks/security/env-secret-exposure.ts"],"names":[],"mappings":"AAIA;;GAEG;AAyEH;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,sCA+D5B,CAAC"}